Note: This is an archival copy of Security Sun Alert 200459 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000339.1.
Article ID : 1000339.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-01-02
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the Sun Ray Utility utxconfig(1)

Category
Security

Release Phase
Resolved

Product
Sun Ray Server Software 3.0
Sun Ray Server Software 2.0

Bug Id
6319180

Date of Workaround Release
07-AUG-2006

Date of Resolved Release
03-JAN-2007

Impact

A security vulnerability in the Sun Ray Server 2.0 and 3.x Software (SRSS) utxconfig(1) utility may allow a local unprivileged user the ability to create or overwrite arbitrary files on the system.

Note: utxconfig(1) is the Sun Ray DTU X server configuration utility.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Sun Ray Server Software 2.0 (for Solaris 8 and 9) without patch 114880-10
  • Sun Ray Server Software 3.0 (for Solaris 8 and 9) without patch 118979-02
  • Sun Ray Server Software 3.1 (for Solaris 8, 9 and 10) without patch 120879-01

x86 Platform

  • Sun Ray Server Software 3.1 (for Solaris 10) without patch 120880-01

Linux Platform

  • Sun Ray Server Software 3.0 (for JDS R2, RHELAS 3.0, SLES 8.0) without patch 119836-02
  • Sun Ray Server Software 3.1 (for JDS R2, RHELAS 3.0, SLES 8.0) without patch 120881-01

Notes:

  1. Sun Ray Server Software 1.x is not affected by this issue.
  2. Sun Ray Server Software 2.0 is not supported on Solaris 10 or for the x86 Platform.
  3. Sun Ray Server Software 3.0 is not supported on the Solaris x86 platform. (3.1 only)
  4. Sun Ray Server Software 3.1 is not supported for Solaris 8 and 9 on the x86 platform. (Solaris 10 only)

To determine the version of Sun Ray Server Software on a system, the following command can be run:

    # /usr/bin/pkginfo -l SUNWuto | grep -i version
    VERSION:  3.1_32,REV=2005.08.24.08.55

To determine if the utxconfig(1) utility has been installed as part of the Sun Ray server software, the following command can be run:

    $ pkginfo SUNWuta

Symptoms

There are no symptoms that would indicate the described issue has occurred.


Workaround

To work around the described issue, temporarily remove the setuid(2) bit from the utxconfig(1) command until the patch can be applied. To apply this change, the following command can be run:

    # chmod u-s /opt/SUNWut/bin/utxconfig

Note: Removing the setuid(2) bit from the command may decrease its functionality for non-privileged users.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Sun Ray Server Software 2.0 (for Solaris 8 and 9) with patch 114880-10 or later
  • Sun Ray Server Software 3.0 (for Solaris 8 and 9) with patch 118979-02 or later
  • Sun Ray Server Software 3.1 (for Solaris 8, 9 and 10) with patch 120879-01 or later

x86 Platform

  • Sun Ray Server Software 3.1 (for Solaris 10) with patch 120880-01 or later

Linux Platform

  • Sun Ray Server Software 3.0 (for JDS R2, RHELAS 3.0, SLES 8.0) with patch 119836-02 or later
  • Sun Ray Server Software 3.1 (for JDS R2, RHELAS 3.0, SLES 8.0) with patch 120881-01 or later


Modification History
Date: 10-AUG-2006

10-Aug-2006:

  • Updated Contributing Factors and Resolution sections

Date: 23-AUG-2006

23-Aug-2006:

  • Updated Contributing Factors section

Date: 03-JAN-2007

03-Jan-2007:

  • Updated Contributing Factors and Resolution sections
  • State: Resolved


References

120879-01
120880-01
120881-01
119836-02
118979-02
114880-10




Attachments
This solution has no attachment